Managing device settings- Managing Azure Active Directory Objects

Azure AD offers the ability to ensure that users are accessing Azure resources from devices that meet corporate security and compliance standards. Device management is the foundation of device-based conditional access, where you can ensure that access to the resources in your environment is only possible from managed devices.

Device settings can be managed from the Azure portal. To manage your device settings, your device needs to be registered or joined to Azure AD.

To manage the device settings from the Azure portal, you have to perform the following steps:

  1. Navigate to the Azure portal by opening https://portal.azure.com.
  2. In the left-hand menu, select Azure Active Directory.
  3. In the Azure AD Overview blade, under Manage, select Devices, as follows:

Figure 1.14 – The Azure AD Devices blade

The device management blade will open. Here, you can configure your device management settings, locate your devices, perform device management tasks, and review the device management-related audit logs.

  • To configure the device settings, select Device settings from the left-hand menu. From here, you can configure the following settings, which are shown in the following screenshot:
    • Users may join devices to Azure AD: Here, you can set which users can join their devices to Azure AD. This setting is only applicable to Azure AD join on Windows 10.
    • Users may register their devices with Azure AD: This setting needs to be configured to allow devices to be registered with Azure AD. There are two options here: None, that is, devices are not allowed to register when they are not Azure AD joined or hybrid Azure AD joined, and All, that is, all devices are allowed to register. Enrolment with Microsoft Intune or MDM for Office 365 requires registration. If you have configured either of these services, All is selected and None is not available.
    • Require Multi-Factor Authentication to register or join devices with Azure AD: Here, you can require users to perform MFA when registering a device. Before you can enable this setting, MFA needs to be configured for the users who register their devices.
    • Maximum number of devices per user: This setting allows you to select the maximum number of devices that a user can have in Azure AD.
    • Manage Additional local administrators on all Azure AD joined devices: This setting allows you to add additional local administrators for Azure AD joined devices.
    • Manage Enterprise State Roaming settings: This setting provides users with a unified experience across all of their Windows devices and reduces the turnaround time when configuring new devices:

Figure 1.15 – The Azure AD Device settings blade

  • To locate your devices, under Manage, select All devices. In this overview, you will see all the joined and registered devices, as follows:

Figure 1.16 – The Azure AD All Devices blade displaying all of the devices linked to Azure AD

  • Additionally, you can select the different devices from the list to get more detailed information about the device. From here, global administrators and cloud device administrators can Disable or Delete the device, as follows:

Figure 1.17 – The Azure AD Device details for a specific device with the option to Disable or Delete the selected device

  • To review the audit logs, under Activity, select Audit logs. From here, you can view and download the different log files. Additionally, you can create filters to search through the logs, as follows:

Figure 1.18 – The Azure AD Device Audit logs blade
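The device inventory shown in the All devices blade can also be reviewed from a script. The following is an added example, not part of the original text: it assumes the Microsoft Graph PowerShell module is installed, and the 90-day threshold and the variable names are illustrative choices.

```powershell
# Added example: review Azure AD devices with Microsoft Graph PowerShell.
# Read-only apart from the final loop, which is guarded by -WhatIf.
Connect-MgGraph -Scopes 'Device.Read.All'

$staleAfterDays = 90                              # assumed review threshold
$cutoff = (Get-Date).AddDays(-$staleAfterDays)

# Same objects as the All devices blade
$props = 'id', 'displayName', 'operatingSystem', 'trustType',
         'accountEnabled', 'isManaged', 'isCompliant',
         'approximateLastSignInDateTime'
$devices = Get-MgDevice -All -Property $props

# TrustType values: AzureAd = Azure AD joined, ServerAd = hybrid Azure AD joined,
# Workplace = Azure AD registered
$devices | Group-Object -Property TrustType | Select-Object Name, Count | Format-Table

# Flag enabled devices that deserve a closer look, with the reason for each
$review = foreach ($d in ($devices | Where-Object AccountEnabled)) {
    $reasons = @()
    if (-not $d.IsManaged)   { $reasons += 'not managed' }
    if (-not $d.IsCompliant) { $reasons += 'not compliant' }
    if (-not $d.ApproximateLastSignInDateTime) {
        # A missing timestamp must not be compared against the cutoff
        $reasons += 'no sign-in recorded'
    }
    elseif ($d.ApproximateLastSignInDateTime -lt $cutoff) {
        $reasons += "no sign-in for $staleAfterDays+ days"
    }
    if ($reasons) {
        [pscustomobject]@{
            Id          = $d.Id
            DisplayName = $d.DisplayName
            OS          = $d.OperatingSystem
            TrustType   = $d.TrustType
            LastSignIn  = $d.ApproximateLastSignInDateTime
            Reasons     = $reasons -join '; '
        }
    }
}
$review | Sort-Object LastSignIn | Format-Table DisplayName, OS, TrustType, LastSignIn, Reasons

# Scripted equivalent of the Disable button for devices with no recent sign-in.
# -WhatIf only prints what would change. Remove it after reviewing the list,
# when signed in with a role that is allowed to disable devices.
foreach ($r in ($review | Where-Object Reasons -like '*no sign-in*')) {
    Update-MgDevice -DeviceId $r.Id -AccountEnabled:$false -WhatIf
}
```

Disabling rather than deleting keeps the device object in the directory, so the change can be reversed if the device turns out to be in use.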

This concludes our section on how to manage your device settings via the Azure portal.

We encourage students to read up further by using the following links:

Next, we are going to look at how to perform bulk user updates.

Technical requirements- Managing Azure Active Directory Objects-2

Figure 1.2 – The Azure AD user creation page part 1

  1. Leave the sections under Groups and Roles in their default settings for now.
  2. Next, we need to fill in information regarding the following:
    • Job title: Azure administrator
    • Department: IT
    • Company name: Packt1
    • Usage location: South Africa
    • Block sign in: No
    • Manager: No manager selected:

Figure 1.3 – The Azure AD user creation page part 2

  • Click on Create.
  • Repeat these steps to create two more users: PacktUser2 and PacktUser3.

Now that we have created users in our Azure AD tenant, we can add them to a group in Azure AD.

Creating groups in Azure AD

There are two main group types, as follows:

  • Security groups: These groups serve the same function as traditional on-premises groups, which is to secure objects within a directory. In this case, it is to secure objects within Azure AD.
  • Microsoft 365 groups: These groups are used to provide a group of people access to a collection of shared resources that is not just limited to Azure AD but also includes shared mailboxes, calendars, SharePoint libraries, and other Microsoft 365-related services.

Security groups are used as container units to group users or devices together. There are three main membership types for security groups:

  • Assigned: This is where you manually assign users to a group.
  • Dynamic user: This is where you can specify parameters to automatically group users, for example, grouping all users who have the same job title.
  • Dynamic device: This is where you can specify parameters to automatically group devices, for example, grouping all devices that have the same operating system version.

To create and manage groups from the Azure AD tenant in the Azure portal, you have to perform the following steps:

  1. Navigate to the Azure portal by opening a web browser and browsing to https://portal.azure.com.
  2. In the left-hand menu, select Azure Active Directory.
  3. Under the Manage blade of Azure AD in the left-hand menu, select Groups | All groups. Then, select the + New group option from the top-level menu, as follows:

Figure 1.4 – The Azure AD group creation page part 1

  • Add the following values to create the new group:
    • Group type: Security
    • Group name: Azure Admins
    • Group description: Dynamic group for all Azure Admins
    • Azure AD roles can be assigned to the group: No
    • Membership type: Dynamic User
    • Owners: No owners selected:

Figure 1.5 – The Azure AD group creation page part 2

  • Refer to the following screenshot to add a dynamic query.

For the Dynamic Query rule, the property is jobTitle, the operator is Equals, and the value is Azure Administrator, as shown in the following screenshot:

Figure 1.6 – The Azure AD group dynamic query

  • Click on Create.

Tip

Remember that when using dynamic groups, a Premium P1 license needs to be assigned to the user.

Now that we have created the group, replication takes around 5 minutes. Refresh the Azure web page, and the users will appear as members of the Azure Admins group that we just created:

Figure 1.7 – The Azure AD group's dynamic group users added automatically based on the membership rules
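The same dynamic security group can be created and its membership checked from a script. The following is an added example, not part of the original text: it assumes the Microsoft Graph PowerShell module is installed, and the mail nickname AzureAdmins is a constructed value (the API requires one even for groups that are not mail-enabled).

```powershell
# Added example: create the "Azure Admins" dynamic group and verify who the rule pulls in.
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All'

$name = 'Azure Admins'
# Same rule as the portal query: property jobTitle, operator Equals.
# String comparison in membership rules is not case sensitive, so a job title
# of "Azure administrator" matches as well.
$rule = '(user.jobTitle -eq "Azure Administrator")'

# Reuse the group if it already exists instead of creating a duplicate
$group = Get-MgGroup -Filter "displayName eq '$name'" | Select-Object -First 1
if (-not $group) {
    $group = New-MgGroup -DisplayName $name `
        -Description 'Dynamic group for all Azure Admins' `
        -MailEnabled:$false `
        -MailNickname 'AzureAdmins' `
        -SecurityEnabled `
        -GroupTypes 'DynamicMembership' `
        -MembershipRule $rule `
        -MembershipRuleProcessingState 'On'
}

# Users the rule is meant to select, queried independently of the group
$expected = @(Get-MgUser -All -Filter "jobTitle eq 'Azure Administrator'" `
        -ConsistencyLevel eventual -CountVariable matchCount |
    Select-Object -ExpandProperty Id)

# Members the rule has actually added. This is empty until the rule has been
# processed, so rerun the check after a few minutes.
$actual = @(Get-MgGroupMember -GroupId $group.Id -All |
    Select-Object -ExpandProperty Id)

$unexpected = @($actual   | Where-Object { $_ -notin $expected })
$missing    = @($expected | Where-Object { $_ -notin $actual })

[pscustomobject]@{
    Group      = $group.DisplayName
    Rule       = $rule
    Members    = $actual.Count
    Unexpected = $unexpected.Count   # in the group without a matching job title
    Missing    = $missing.Count      # matching job title but not (yet) a member
}
```

Because membership follows the jobTitle attribute, any account that can have that attribute changed can end up in the group, which is why the comparison against an independent query is worth repeating whenever the group is used to grant access.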

In this section, we took a look at Azure AD users and groups and created a few accounts. We also created a dynamic membership group to include users via dynamic membership rules.

We encourage students to read up further by using the following links, which are based on Azure AD fundamentals such as adding users in Azure AD, assigning RBAC roles, creating Azure AD groups, and also creating dynamic groups in Azure AD:

Next, we are going to look at Azure AUs, specifically where they can be used and how to create an AU.

News and commentary about the exam objective updates-MS-900 Microsoft 365 Fundamentals, Second Edition exam updates

The current official Microsoft Study Guide for the MS-900 Microsoft 365 Fundamentals exam is located at https://learn.microsoft.com/en-us/certifications/resources/study-guides/MS-900. This page has the most recent version of the exam objective domain.

This statement was last updated in August 2023, before Exam Ref MS-900 Microsoft 365 Fundamentals, Second Edition was published.

This version of this Chapter has no news to share about the next exam release.

In the most recent version of this Chapter, the MS-900 Microsoft 365 Fundamentals exam version number was Version 1.1.

Updated technical content

The current version of this Chapter has no additional technical content.

Objective mapping

This Exam Ref is structured by the author(s) based on the topics and technologies covered on the exam and is not structured based on the specific order of topics in the exam objectives. The table below maps the current version of the exam objectives to chapter content, allowing you to locate where a specific exam objective item has coverage without consulting the index.

TABLE 7-1 Exam Objectives mapped to chapters.

| Exam Objective | Chapter |
| --- | --- |
| Describe cloud concepts | |
| Describe the different types of cloud services available: Describe Microsoft SaaS, IaaS, and PaaS concepts and use cases; Describe differences between Office 365 and Microsoft 365 | 1 |
| Describe the benefits of and considerations for using cloud, hybrid, or on-premises services: Describe public, private, and hybrid cloud models; Compare costs and advantages of cloud, hybrid, and on-premises services; Describe the concept of hybrid work and flexible work | 1 |
| Describe Microsoft 365 apps and services | |
| Describe productivity solutions of Microsoft 365: Describe the core productivity capabilities and benefits of Microsoft 365 including Microsoft Outlook and Microsoft Exchange, Microsoft 365 apps, and OneDrive; Describe core Microsoft 365 Apps including Microsoft Word, Excel, PowerPoint, Outlook, and OneNote; Describe work management capabilities of Microsoft 365 including Microsoft Project, Planner, Bookings, Forms, Lists, and To Do | 2 |
| Describe collaboration solutions of Microsoft 365: Describe the collaboration benefits and capabilities of Microsoft 365 including Microsoft Exchange, Outlook, Yammer, SharePoint, OneDrive, and Stream; Describe the collaboration benefits and capabilities of Microsoft Teams and Teams Phone; Describe the Microsoft Viva apps; Describe the ways that you can extend Microsoft Teams by using collaborative apps | 2 |
| Describe endpoint modernization, management concepts, and deployment options in Microsoft 365: Describe the endpoint management capabilities of Microsoft 365 including Microsoft Endpoint Manager (MEM), Intune, AutoPilot, and Configuration Manager with cloud attach; Compare the differences between Windows 365 and Azure Virtual Desktop; Describe the deployment and release models for Windows-as-a-Service (WaaS) including deployment rings; Identify deployment and update channels for Microsoft 365 Apps | 2 |
| Describe analytics capabilities of Microsoft 365: Describe the capabilities of Viva Insights; Describe the capabilities of the Microsoft 365 Admin center and Microsoft 365 user portal; Describe the reports available in the Microsoft 365 Admin center and other admin centers | 2 |
| Describe security, compliance, privacy, and trust in Microsoft 365 | |
| Describe identity and access management solutions of Microsoft 365: Describe the identity and access management capabilities of Microsoft Entra ID; Describe cloud identity, on-premises identity, and hybrid identity concepts; Describe how Microsoft uses methods such as multi-factor authentication (MFA), self-service password reset (SSPR), and conditional access to keep identities, access, and data secure | 3 |
| Describe threat protection solutions of Microsoft 365: Describe Microsoft 365 Defender, Defender for Endpoint, Defender for Office 365, Defender for Identity, Defender for Cloud Apps, and the Microsoft 365 Defender Portal; Describe Microsoft Secure Score benefits and capabilities; Describe how Microsoft 365 addresses the most common types of threats against endpoints, applications, and identities | 3 |
| Describe trust, privacy, risk, and compliance solutions of Microsoft 365: Describe the Zero Trust Model; Describe Microsoft Purview and compliance solutions such as insider risk, auditing, and eDiscovery; Describe how Microsoft supports data residency to ensure regulatory compliance; Describe information protection features such as sensitivity labels and data loss prevention; Describe the capabilities and benefits of Microsoft Priva | 3 |
| Describe Microsoft 365 pricing, licensing, and support | |
| Identify Microsoft 365 pricing and billing management options: Describe the pricing model for Microsoft cloud services including enterprise agreements, cloud solution providers, and direct billing; Describe available billing and bill management options including billing frequency and methods of payment | 4 |
| Identify licensing options available in Microsoft 365: Describe license management; Describe the differences between base licensing and add-on licensing | 4 |
| Identify support options for Microsoft 365 services: Describe how to create a support request for Microsoft 365 services; Describe support options for Microsoft 365 services; Describe service level agreements (SLAs) including service credits; Determine service health status by using the Microsoft 365 admin center or the Microsoft Entra admin center. | 4 |

Determine service health status by using the Microsoft 365 admin center or the Microsoft Entra admin center-Understand Microsoft 365 pricing and support

Monitoring the continuous operation of the Microsoft 365 services is a critical part of the administration process, and the Microsoft 365 admin center includes a Health menu that provides a real-time display of the status of the individual services when administrators select the Service Health option, as shown in Figure 4-17.

  

FIGURE 4-17 The Service Health page in the Microsoft 365 admin center

In addition to displaying the healthy services, the Service Health screen also lists other service status conditions:

  • Advisories: Indicates that the service is still available but that a known condition is inhibiting its performance. The condition might cause intermittent interruptions, affect only some users, or be limited in scope. In some cases, a workaround might be available.
  • Incidents: Indicates that a critical issue has been discovered that is rendering all or a significant part of the service unavailable or unusable. Typically, incidents are updated on their detail pages with information about the issue’s investigation, mitigation, and resolution.

Selecting the Issue History tab on the Service Health page displays details about the resolved incidents and advisories, as shown in Figure 4-18, including the service affected, its current status, and the time the advisory was posted.

  

FIGURE 4-18 The Issue History tab of the Service Health page in the Microsoft 365 admin center

The Status indicators on the Service Health pages can have values such as the following:

  • Investigating: Indicates that Microsoft is aware of the issue and is currently gathering information before taking action
  • Service Degradation: Indicates that the service is experiencing intermittent interruptions, performance slowdowns, or failure of specific features
  • Service Interruption: Indicates that a significant, repeatable issue is occurring, which is preventing users from accessing the service
  • Restoring Service: Indicates that the cause of the issue has been determined and remediation is underway, which will result in service restoration
  • Extended Recovery: Indicates that remediation of the issue is in progress, but restoring service for all users may take some time or that an interim fix is in place that restores service until a permanent solution is applied
  • Investigation Suspended: Indicates that Microsoft is awaiting information from subscribers or other parties before the issue can be diagnosed or further action can be taken
  • Service Restored: Indicates that Microsoft has taken corrective action to address the issue and has successfully brought the service back to a healthy state
  • Post-Incident Report Published: Indicates that documentation on the issue has been published containing an explanation of the root cause and steps to prevent a reoccurrence

Each advisory or incident includes a detail page containing more information, as shown in Figure 4-19. This information may include a greater elaboration on the user impact of the advisory or incident and a log of its status as it proceeds through the process of being addressed, documented, and resolved.

  

FIGURE 4-19 An advisory detail pane in the Microsoft 365 admin center

When an incident prevents administrators from signing in to the Microsoft 365 admin center console, a separate Microsoft 365 Service Health Status page (available at status.office365.com) indicates the health of the Microsoft 365 services, as shown in Figure 4-20.

  

FIGURE 4-20 The Microsoft 365 Service Health Status page

It is also possible to monitor the health of the various Microsoft 365 services in the Microsoft Entra admin center and create new service requests, as shown in Figure 4-21.

  

FIGURE 4-21 The New Support Request page in the Microsoft Entra admin center

Describe support options for Microsoft 365 services-Understand Microsoft 365 pricing and support

All Microsoft 365 subscriptions include access to basic support services, but for some types of subscribers or subscribers with special needs, there are alternative methods for obtaining support, such as the following:

  • FastTrack: Microsoft’s FastTrack program uses a specialized team of engineers and selected partners to provide subscribers transitioning to the cloud with assistance in the envisioning, onboarding, and ongoing administration processes. Subscribers participating in this program are provided with a contact for support issues during the FastTrack transition.
  • Volume Licensing: Subscribers with an Enterprise Agreement or a Microsoft Products and Services Agreement that includes Software Assurance receive a specified number of support incidents as part of their agreement. The Software Assurance program includes 24×7 telephone support for business-critical issues and business hours or email support for noncritical issues.
  • Cloud Solution Providers: For subscribers who obtain Microsoft 365 through a Cloud Solution Provider (CSP), the CSP should be their first point of contact for all service and support issues during the life of the subscription. The reseller agreement between CSPs and Microsoft calls for the CSP to take full responsibility for supporting their customers, although the CSP can still escalate issues to Microsoft when they cannot resolve them independently.
  • Microsoft Professional Support: Subscribers with support issues beyond the standard service provided with Microsoft 365 can use Microsoft Professional Support to open support requests on a pay-per-incident basis, as shown in Figure 4-16. Individual incidents are available, as are five packs of incidents.

  

FIGURE 4-16 The Create a New Support Request screen in Microsoft Professional Support

  • Microsoft Unified Support: Subscribers can purchase a Microsoft Unified Support plan in addition to their Microsoft 365 subscriptions. Microsoft Unified Support is available at three levels: Core Support, Advanced Support, and Performance Support; each level provides increasing levels of included support hours, incident response times, and access to a technical account manager (TAM), along with increasing prices. Customers also receive access to the Microsoft Services Hub, a support portal that provides forms for submitting support requests, access to ongoing Microsoft support incidents, tools for assessing enterprise workloads, and on-demand education and training materials.

Software assurance

For Enterprise Agreement and, optionally, for Microsoft Products and Services Agreement customers, Software Assurance provides a variety of additional services, including the following, which can benefit Microsoft 365 licensees:

  • Planning Services: Provides a number of partner service days, based on the number of users/devices licensed, to deploy Microsoft operating systems, applications, and services.
  • Microsoft Desktop Optimization Pack (MDOP): Provides a suite of virtualization, management, and restoration utilities, including Advanced Group Policy Management (AGPM), Microsoft Application Virtualization (App-V), Microsoft User Experience Virtualization (UE-V), Microsoft BitLocker Administration and Monitoring (MBAM), and Microsoft Diagnostics and Recovery Toolset (DaRT).
  • Windows Virtual Desktop Access Rights (VDA): Provides users with the rights needed to access virtualized Windows instances.
  • Windows to Go Use Rights: Enables administrators to create and furnish users with USB storage devices containing bootable Windows images that include line-of-business applications and corporate data.
  • Windows Thin PC: Enables administrators to repurpose older computers as Windows Virtual Desktop Interface (VDI) terminals.
  • Enterprise Source Licensing Program: Provides organizations with at least 10,000 users or devices with access to the Windows source code for their own software development projects.
  • Training Vouchers: Provides a number of training days based on the number of users/devices licensed for the technical training of IT professionals and software developers.
  • Step-up License Availability: Allows licensees to migrate their licensed software products to a high-level edition.
  • Spread Payments: Enables organizations to pay for three-year license agreements in three equal, annual payments.

Note: Additional Software Assurance Benefits

There are additional Software Assurance benefits included that are intended for on-premises server software licensees, such as New Version Rights, which provides the latest versions of the licensed software released during the term of the agreement, and Server Disaster Recovery Rights and Fail-Over Rights, which provide licensees the right to maintain passive redundant servers for fault-tolerance purposes.

Describe the differences between base licensing and add-on licensing-Understand Microsoft 365 pricing and support

Many Microsoft 365 services are maintained as separate add-on products, often in two plans, which customers can purchase to augment the capabilities of their base licenses.

For example, the IT administrators for an organization might decide that the price of purchasing Microsoft 365 Enterprise E5 licenses for all of their users is just too high and that the users don’t need all of the advanced features in the E5 product anyway. They choose the Microsoft 365 Enterprise E3 subscription instead, representing substantial cost savings.

Many administrators were attracted to the E5 product because it includes Microsoft Defender for Endpoint Plan 2, which provides endpoint detection and automated incident remediation. However, this feature alone was not enough to justify the difference in price between E3 and E5. Later, the administrators discovered they could purchase the Microsoft 365 E3 subscriptions as their users’ base license and then purchase Microsoft Defender for Endpoint Plan 2 as an add-on license. For this organization, the total cost of the two subscriptions was far less than the price of Microsoft 365 E5.

Microsoft has many add-on products that allow administrators to assemble a working environment with a curated selection of features. Add-on licenses come in two types, as follows:

  • Traditional add-on: An add-on license linked to a particular base subscription. The add-on subscription is also terminated if the base subscription lapses or is canceled.
  • Standalone add-on: An add-on license that appears as a separate subscription on the Billing pages in the Microsoft 365 admin center, with its own expiration date, independent of the base subscription.

Implementing best practices

As mentioned throughout this book, the Microsoft 365 product is a bundle of services, many of which remain available as separate subscriptions. In addition, subscriptions are available for combinations of individual features within these products.

Finally, to further complicate the picture, combining different licenses in a single Microsoft Entra ID tenancy is possible. With all these options available, organizations contemplating a migration to a cloud-based infrastructure or thinking of adding cloud services to an on-premises infrastructure should design a licensing strategy fulfilling the following requirements:

  • Provide the organization’s users with the services they need
  • Avoid providing users with unnecessary services that complicate the maintenance and support processes
  • Minimize subscription costs

Generally speaking, a Microsoft 365 subscription will likely be significantly less expensive than purchasing subscriptions for each component separately. This might be true even if some users do not need all the Microsoft 365 components.

Obviously, the simplest solution is to choose one Microsoft 365 product and purchase the same subscription for all the organization’s users. This can easily fulfill the first of the requirements but might not be a solution for the other two.

Depending on the nature of the business the organization is engaged in, an Enterprise E5 subscription might be suitable for some users, but there might also be many workers who do not need all the applications and services included in Enterprise E5. Depending on the number of users in each group, the expense of purchasing E5 subscriptions for everyone could be extremely wasteful and require additional administrative effort to provide customized environments for the different user groups. This is one of the primary reasons why Microsoft offers the Microsoft 365 F1 subscription for first-line workers.

Note: Microsoft 365 F1

For more information on the Microsoft 365 F1 package, see the “Microsoft 365 Frontline” section earlier in this chapter.

Therefore, the best practice is to compare the features included in each of the Microsoft 365 licenses with the requirements of the various types of users in the organization. In a large enterprise, this can be a complicated process, but in the case of a major migration like this, prior planning is crucial and can save a great deal of expense and effort.

Quick check

Which of the following is not one of the three phases of the Microsoft compliance effort?

  1. Simplify
  2. Assess
  3. Protect
  4. Respond

Quick check answer

  1. The three phases of the Microsoft compliance effort are Assess, Protect, and Respond. Simplify is not one of the three phases.

Skill 4.3: Identify support options for Microsoft 365 services

For many IT professionals, there are important concerns about what happens after their organization commits itself to the use of cloud-based applications and services. These issues include concerns about downtime, monitoring the continuity of Microsoft services, and the product support provided by Microsoft and its partners.

Cost-benefit analysis for cloud vs. on-premises networks-Understand Microsoft 365 pricing and support

Evaluating the total cost of ownership (TCO) for a Microsoft 365 implementation is the relatively simple part of a cost-benefit analysis. There is a monthly or annual fee for each Microsoft 365 user subscription, and those subscriber fees are predictable and ongoing. Contracts might be renewed with different prices at intervals, but those costs still remain predictable. It is possible that costs could rise precipitously in the future when the contracts are renewed, and the subscriber might feel locked into one provider, but that is a risk with any software product.

Predicting the cost of an on-premises network is more difficult. It is common for businesses to categorize their expenses by distinguishing between two types of expenditures, as follows:

  • Capital expenditures (CapEx) are money spent on fixed assets, such as buildings, servers, and other hardware, deployment expenses, and purchased software.
  • Operational expenditures (OpEx) are ongoing expenses, such as rent, utilities, staff, and maintenance.

The basic differences between CapEx and OpEx expenditures are shown in Table 4-2.

 

TABLE 4-2 Capital expenditures versus operational expenditures

| | Capital Expenditures (CapEx) | Operational Expenditures (OpEx) |
| --- | --- | --- |
| Purpose | Hardware and software assets with at least one year of usefulness | Ongoing business costs |
| Payment | Initial lump sum | Recurring monthly or annual |
| Accounting | Three or more years of asset depreciation | Current month or year |
| Description | Property, equipment, software | Operating costs |
| Taxes | Multiple years of deduction based on depreciation | Current year deduction |

For a Microsoft 365 shop, nearly all the expenses are OpEx, including the subscription fees. There are virtually no CapEx expenses involved, except perhaps for things like initial administrator cloud training. Businesses like working with OpEx expenses because they enable them to create accurate budgets and forecasts.

For an on-premises network, the CapEx outlay required to set up the infrastructure can be enormous, including the cost of building and equipping datacenters and purchasing server software products. Depending on the nature of the business and the sensitivity of the data involved, these expenses can be multiplied by the need for redundant datacenters and equipment. These big expenses must be paid before the network can even go live. These CapEx costs can be amortized or depreciated in the company’s accounts over a period of years, but the initial investment is substantial compared to that of a cloud-based network, which requires almost none.

An on-premises network also has OpEx expenses, including rent, power, and other utilities datacenters require, and the salaries of the staff needed to operate and maintain the datacenter equipment. There are also expensive software upgrades to consider every two to three years. The main cost benefit of an on-premises network is that hardware and software are purchased outright and do not require monthly subscription fees.

There are other factors to consider as well. When designing an on-premises network, the organization must consider the possibility of future growth, as well as seasonal business fluctuations. Therefore, the already substantial CapEx outlay can be increased by the cost of the additional datacenter space and equipment needed to support the busiest times of the year, as well as several years of predicted growth.

A cloud-based infrastructure like that of Microsoft 365 uses a pay-as-you-go model, which can accommodate virtually unlimited growth and occasional business fluctuations with no extra expenses other than the increased subscription fees for the extra services. The organization never pays for hardware and software that it isn’t using. In addition, the growth and fluctuations can be accommodated almost immediately and downsized when necessary, while on-premises resources can require months to approve, obtain, and install.

The entire cost-benefit analysis can be further complicated if the organization has already invested substantially in on-premises infrastructure. For example, if the expanding company already has sufficient space in its datacenters and sufficient IT staff, the CapEx needed for a network expansion can be much less than it would be for an entirely new network installation. The question then becomes whether it is more economical to add to the existing on-premises infrastructure or expand into the cloud, creating a hybrid network that might require additional planning and training to bring personnel up to speed in cloud technologies.

Therefore, every organization must consider its own economic, personnel, and business situations and calculate the TCO of its network options. In a new deployment, a subscription-based, cloud-based option, such as Microsoft 365, can be faster and less expensive to implement, but there are many situations in which organizations might be compelled to consider an on-premises network instead.

 Exam Tip

Candidates for the MS-900 exam seeking greater familiarity with the characteristics of cloud-based services versus on-premises services should also consult the “Describe the benefits of and considerations for using cloud, hybrid, or on-premises services” section in Chapter 1, “Describe cloud concepts.”

Collaboration-Understand Microsoft 365 pricing and support

The nature of collaboration in the workplace has changed, so the tools that facilitate collaboration must change with it. One of the primary advantages of cloud-based computing is that it allows users to access enterprise resources from any location. Microsoft 365 takes advantage of that benefit by enabling access to the cloud using nearly any device with an Internet connection. Microsoft Entra ID (formerly known as Azure Active Directory) and Microsoft Intune are services based in the cloud, providing identity and device management functions that secure these user connections to the cloud. These components, along with the increased capabilities and emphasis on smartphones and other mobile devices in the business world, have made Microsoft 365 an unprecedented platform for collaboration.

With an infrastructure in place that can provide users with all but universal access to enterprise resources, the next step toward a collaboration platform is the applications and services that enable users to communicate and share data. Microsoft 365 includes four primary collaboration services—shown in Figure 4-9—that provide different types of communication for different situations. Additional services also provide more specific functions for the other services.

  

FIGURE 4-9 Microsoft 365 collaboration services

The services that contribute to the collaboration capabilities in Microsoft 365 are as follows:

  • SharePoint: Provides content storage and publishing services for group and personal intranet websites and for all the other Microsoft 365 collaboration tools. A SharePoint site can be a collaboration platform, or its elements can be embedded in other service publications.
  • Exchange Online/Outlook: Provides standard email communication and calendar and scheduling functions. Email is asynchronous communication that can be one-to-one or, with the aid of distribution lists, one-to-many. Scheduling functions can be embedded in other services.
  • Microsoft Teams: Provides synchronous chat- and call-based communication among team members who must communicate quickly and frequently. By incorporating elements from other services, such as Exchange Online scheduling, SharePoint content, and Stream video, Teams can function as a comprehensive collaboration platform.
  • Yammer: Provides a group-based or company-wide private social media service designed to accommodate larger groups than Microsoft Teams or foster a sense of community within the enterprise. Yammer also provides a platform for the functions provided by other services, such as content from SharePoint sites or scheduling with Exchange Online.
  • Stream: Provides video storage and distribution services directly to users in web browsers or embedded in other Microsoft 365 collaboration services, including Exchange Online, SharePoint, Microsoft Teams, and Yammer.
  • Planner: Provides project management services that enable users to create schedules containing tasks, files, events, and other content from Microsoft 365 services.
  • OneDrive: Provides private file storage for individual users unless the user explicitly shares specific documents.

Need More Review? Microsoft 365 collaboration tools

For more information about the collaboration capabilities of the Microsoft 365 services, see the “Describe collaboration solutions of Microsoft 365” section in Chapter 2, “Describe Microsoft 365 apps and services.”

Microsoft Entra ID (Azure Active Directory) and Microsoft 365 Groups provide the identity-management infrastructure for all the Microsoft 365 collaborative services. This enables users and administrators to set up and use these services any way they want. No matter how the content from the various services is combined, only one set of user accounts and group memberships applies to all. This turns the collection of Microsoft 365 collaboration services into a flexible and interoperable toolkit.

Figure 4-10 illustrates how workers and teams can use the Microsoft 365 collaboration services to work together by creating a digital daily plan containing specific tasks and the circumstances in which they might be performed.

  

FIGURE 4-10 A sample Microsoft 365 collaboration task schedule

Selling Microsoft 365-Understand Microsoft 365 pricing and support

As noted elsewhere in this book, many IT professionals are hesitant to buy into the idea of cloud-based services, and the cloud is the first and biggest buzzword for the Microsoft 365 product. As a result, Microsoft has devoted a great deal of time, effort, and expense to developing a product and a campaign that can convince people like these to adopt—or at least consider—Microsoft 365 as a viable route for the development of their enterprise infrastructures. The following sections discuss the key selling points for Microsoft 365 in four major areas.

Productivity

Few IT professionals must be sold on Microsoft Office productivity applications, such as Word, Excel, PowerPoint, and Outlook; they are industry standards virtually without competition. However, some do need to be sold on a cloud-based, subscription-based implementation such as Microsoft 365, as opposed to perpetual versions like Office 2019 and 2021. The selling points that make an effective case for Microsoft 365 include the following:

  • Applications: Some people might think that with Microsoft 365, the productivity applications are accessible only from the cloud and that an Internet connection is required to run them. While the productivity applications are indeed accessible from the cloud with a Microsoft 365 subscription, most versions of the product also include fully installable desktop versions of the productivity applications, just like those in Office 2021.
  • Devices: A perpetual Office 2021 license enables a user to install the productivity applications on a single computer; however, with a Microsoft 365 subscription, a user can install the applications on up to five PC, Mac, or mobile devices and sign in to any or all of them at the same time. This means that users can run the Microsoft 365 applications on an office computer, a home computer, and a smartphone, plus two other devices, with a single license, while an Office 2021 user would need a separate license for each device.
  • Installation: A Microsoft 365 license includes access to a cloud-based portal, with which users can install the productivity applications themselves on any computer. Office 2021 and other perpetual versions include no self-service portal access and require administrators to install the applications on each device.
  • Activation: When users install the Microsoft 365 productivity applications from the self-service portal, they are automatically activated. They remain activated as long as the computers connect to the Office Licensing Service in the cloud at least once every 30 days. If a device exceeds the 30-day requirement, Microsoft 365 goes into reduced functionality mode, which limits the user to viewing and printing existing documents. Office 2021 and other perpetual versions in an enterprise environment require administrators to keep track of each license’s product key or utilize a network-based activation method, such as Key Management Service (KMS) or Multiple Activation Key (MAK). Once activated, Office 2021 installations do not require periodic reactivation.
  • Updates: Microsoft 365 installations are automatically updated either monthly or semi-annually with the latest security, quality, and feature updates. Office 2021 and other on-premises versions receive security updates but no feature updates. There is also no upgrade path to Office’s next major on-premises version. For example, Office 2019 users must pay full price for a new license to install Office 2021.
  • Support: Office 2021 and other perpetual versions include free technical support for the installation process only. Microsoft 365 subscriptions include free technical support for the life of the subscription.
  • Storage: A Microsoft 365 subscription includes 1 TB of OneDrive cloud storage. Office 2021 and other perpetual versions do not include cloud storage.
  • Mobile apps: Access to the Office mobile apps, with core editing functionality, is free to everyone on devices with screens smaller than 10.1 inches. Microsoft 365 subscribers receive extra features on all mobile apps. Users of Office 2021 or other perpetual versions do not receive the extra features.

Microsoft 365 subscriptions-Understand Microsoft 365 pricing and support

Most organizations interested in Microsoft 365 as an introduction to cloud-based networking, either as a new deployment or an addition to a traditional on-premises network, will opt for one of the Microsoft 365 Business options or one of the Microsoft 365 Enterprise subscriptions described in the following sections. In addition, there are specialized versions of Microsoft 365 designed for educational and governmental environments.

Microsoft 365 Business

Intended for small- and medium-sized businesses with up to 300 users, the Microsoft 365 Business product comes in three subscription levels: Basic, Standard, and Premium. All three include the standard Office productivity applications: Word, Excel, PowerPoint, and Outlook, and the Microsoft 365 cloud services: Exchange, SharePoint, Microsoft Teams, and OneDrive. The differences between the levels, other than the prices, are as follows:

  • Microsoft 365 Business Basic: Includes only the web and mobile versions of the productivity applications
  • Microsoft 365 Business Standard: Includes all Business Basic features plus downloadable desktop versions of the productivity applications, plus desktop versions of Access and Publisher
  • Microsoft 365 Business Premium: Includes all Business Standard features, plus Azure Active Directory Premium Plan 1 and the advanced security capabilities of Microsoft Intune and the suite of Microsoft Defender applications

Note Microsoft 365 Business for Nonprofits

In addition to the commercial Microsoft 365 Business Basic, Standard, and Premium subscriptions, Microsoft offers full-featured versions at all three levels for qualified nonprofit organizations at special prices.

Microsoft 365 Business is a comprehensive package for organizations that do not maintain a full-time IT staff, which is the case with many small businesses. Deploying Microsoft 365 workstations is largely automated, and the package includes the Microsoft 365 admin center, which provides a unified interface for the setup and management of identities and devices.

Microsoft 365 Business Premium includes Windows Autopilot, which streamlines the deployment of new Windows workstations or the upgrade of existing ones. For computers with an earlier version of Windows installed, Microsoft 365 provides an upgrade to Windows 11. In addition to Autopilot, Microsoft 365 includes device management settings in Azure Active Directory that can automatically apply policies to newly deployed workstations, including those for functions like the following:

  • Activation of the Microsoft 365 subscription
  • Windows 11 and Microsoft 365 updates
  • Automated installation of Microsoft 365 productivity applications on Windows 11
  • Control of the device’s screen when the system is idle
  • Access control to Microsoft Store apps
  • Access control to Cortana
  • Access control to Windows tips and advertisements from Microsoft

Another priority of Microsoft 365 Business Premium is to provide security in areas where small businesses often fall short, as shown in Figure 4-1. The suite of security functions and services included in the product protects all the primary areas of a business network: identities, with multifactor authentication; devices, with management capabilities for on-premises and mobile devices; applications, with usage restrictions; email, with threat detection and data loss prevention; and documents, with classification, encryption, and access control.

  

FIGURE 4-1 Security functions in Microsoft 365 Business Premium

Microsoft 365 Business allows up to 300 user subscriptions in one tenancy, but this does not mean an organization’s network is limited to 300 users. Not every user on the network needs a Microsoft 365 Business license, although only the license-holders can utilize the cloud services included with the product. It is also possible to combine license types in a single tenancy, meaning that if an organization running Microsoft 365 Business expands to more than 300 users, more users can be added with Microsoft 365 Enterprise licenses without upgrading the original 300 Business users.